The use of cloud base storage has increased tremendously. Cloud storage includes networked online storage such as data stored in virtualized pools of storage generally hosted by third parties. An entire ecosystem exists including companies that operate large data centers to serve people and entities that require data to be hosted. The data center operators may virtualize the resources according to the user's requirements, providing customers to vast storage resources, which the customers can use to store files or data objects. The resources may span across multiple physical servers.
There are many advantages to cloud storage including having to only pay for the storage actually used. In addition, entities may choose between off-premise and on-premise cloud storage options, or a mixture of the two options, to optimize other criteria such as cost savings potential, continuity of operations, disaster recovery, and security. Secondary advantages include a reduction in overhead cost as tasks are offloaded to a third party such as storage maintenance tasks, purchasing additional storage devices. These benefits allow entities to focus on their core business. However, cloud computing security is a tradeoff that users face.
A major problem with cloud-based storage involves securing the data to prevent the data from being accessed from unauthorized use. There are a number of security issues associated with cloud computing. Typically the security issues are dealt with by the cloud, or remote storage, providers. However, the data users also face issues and can benefit from taking control of security measures that prevent unauthorized use. The cloud provider is generally responsible to ensure that their infrastructure is secure and data is protected. But generally, there are few options the data creator has to protect the data before it is stored on the cloud.
This invention provides a unique solution for securely storing data wherein the data is encrypted at the source and not at the destination storage device. The invention includes a system and methods for encrypting data at the source, i.e. the client device or end-point, as well as storing and managing revisions of the data as it is used and changed by other secure devices and stored in the cloud. This invention enables a user of an end-point device to upload files onto network storage for backup and sharing with other end-point devices while providing automatic synchronization of the stored data across many devices. The invention also enables sharing with multiple users while using access privileges on a per folder or per object basis. The data is enabled to be encrypted locally on the end-point device before the data is sent to the cloud storage, such that the data on the network storage is always encrypted. The invention also encrypts the key for the files for each recipient to enable a cryptographically enforced access control. In addition, the invention enables different permission properties for each folder.